Electronic passports, which can be presented through the screen of mobile phones, must have crypto keys and a contactless face recognition system. Otherwise, their introduction will lead to the development of fraud, said hacker Dmitry Artimovich in an interview with URA.RU.
Earlier, the Ministry of Digital Development prepared a draft decree of the President of the Russian Federation Vladimir Putin on the use of electronic passports instead of paper ones upon presentation. The digital version of the document can be shown from the mobile application of the State Services portal.
“Will there be some kind of screen? Well, what if I take a screenshot of this screen or will I wear and show someone else’s? Just looking at the image is wrong. You need to use some kind of crypto-keys. How we used to pay using our phone when the Samsung Pay and Google Pay systems worked. In the same place, you showed neither a photo nor a screen. A specially protected module stores crypto-keys that are generated, for example, five transactions ahead. Your bank created, everything was saved in your phone, everything was certified. That is, there must be a system that either reads contactless as a terminal, or there must be some kind of temporary code that is generated for literally a few seconds, and there is a special database that checks this,” Dmitry Artimovich explained.
At the same time, the hacker did not rule out that such a system could fail. “On the other hand, what prevents you from stealing a phone, entering a pin code, if you use it at all, launching State Services, and showing your passport? In my opinion, it will be even easier than with a paper passport. In general, so far only questions,” Artimovich added.